 /*
   * Copyright 2009 Red Hat, Inc.
   *
   * Red Hat licenses this file to you under the Apache License, version 2.0
   * (the "License"); you may not use this file except in compliance with the
   * License.  You may obtain a copy of the License at:
   *
   *    http://www.apache.org/licenses/LICENSE-2.0
   *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
   * License for the specific language governing permissions and limitations
   * under the License.
   */
  package org.jboss.netty.example.securechat;
  
  import java.security.InvalidAlgorithmParameterException;
  import java.security.KeyStore;
  import java.security.KeyStoreException;
  import java.security.cert.CertificateException;
  import java.security.cert.X509Certificate;
  
  import javax.net.ssl.ManagerFactoryParameters;
  import javax.net.ssl.TrustManager;
  import javax.net.ssl.TrustManagerFactorySpi;
  import javax.net.ssl.X509TrustManager;
  
  /**
   * Bogus {@link TrustManagerFactorySpi} which accepts any certificate
   * even if it is invalid.
   *
   * @author <a href="http://www.jboss.org/netty/">The Netty Project</a>
   * @author <a href="http://gleamynode.net/">Trustin Lee</a>
   *
   * @version $Rev: 2080 $, $Date: 2010-01-26 18:04:19 +0900 (Tue, 26 Jan 2010) $
   */
  public class SecureChatTrustManagerFactory extends TrustManagerFactorySpi {
  
      private static final TrustManager DUMMY_TRUST_MANAGER = new X509TrustManager() {
          public X509Certificate[] getAcceptedIssuers() {
              return new X509Certificate[0];
          }
  
          public void checkClientTrusted(
                  X509Certificate[] chain, String authType) throws CertificateException {
              // Always trust - it is an example.
              // You should do something in the real world.
              // You will reach here only if you enabled client certificate auth,
              // as described in SecureChatSslContextFactory.
              System.err.println(
                      "UNKNOWN CLIENT CERTIFICATE: " + chain[0].getSubjectDN());
          }
  
          public void checkServerTrusted(
                  X509Certificate[] chain, String authType) throws CertificateException {
              // Always trust - it is an example.
              // You should do something in the real world.
              System.err.println(
                      "UNKNOWN SERVER CERTIFICATE: " + chain[0].getSubjectDN());
          }
      };
  
      public static TrustManager[] getTrustManagers() {
          return new TrustManager[] { DUMMY_TRUST_MANAGER };
      }
  
      @Override
      protected TrustManager[] engineGetTrustManagers() {
          return getTrustManagers();
      }
  
      @Override
      protected void engineInit(KeyStore keystore) throws KeyStoreException {
          // Unused
      }
  
      @Override
      protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
              throws InvalidAlgorithmParameterException {
          // Unused
      }
  }
